Global articles on espionage, spying, bugs, and other interesting topics.

Keep abreast of the espionage threats facing your organisation.

Intelligence officer facing espionage charge had top-level clearance

On Tuesday, the naval intelligence officer accused of spying had his bail hearing in a Halifax court delayed until next week at the request of his lawyer, who wanted more time to prepare. SLt. Delisle opted not to appear in court. “He doesn’t want to come up,” defence lawyer Cameron MacKeen told the judge, referring to the jail cells used by prisoners due in court.

What may be the biggest spy scandal in Canada in more than half a century exploded Monday after SLt. Delisle was charged with passing secrets to a “foreign entity” under Canada’s Information Security Act. It’s the first charge of its kind ever laid and one where the maximum penalty is the toughest possible under this country’s justice system: life in prison.

Details are slowly emerging about the Canadian Forces officer, despite a curtain of silence that’s been lowered by tight-lipped authorities, including the fact he declared bankruptcy in 1998.

The RCMP, Canadian military and the government refused to discuss the case but Defence Minister Peter MacKay took pains to insist the espionage allegations had not hurt the country’s relations with its foreign partners. “Let me assure you that our allies have full confidence in Canada.”

Sources say the Trinity communications centre was also privy to intelligence from Canada’s allies including the United States, Britain and Australia.

Officials at the U.S. and British embassies in Canada were not available for comment Tuesday.

Mr. MacKay on Tuesday refused to identify which country SLt. Delisle is alleged to have been spying for. “I’m not denying or confirming anything,” he said when asked to comment on news reports saying the recipient of the secrets was Russia.

“I am not going to play Clue,” he said.

A woman at Russia’s embassy in Ottawa said the embassy had no comment at this time on the Delisle story.

Sources said the Canadian government is currently conducting a damage assessment to discern how much national security has been compromised.

CTV reported Tuesday night that Canada is preparing a “measured response” to Russia that could include either summoning the Russian ambassador or expelling Russian diplomats.

However, the network said, the Harper government is leery of poisoning relations with Moscow and causing a public spat because the Prime Minister is headed to Russia later this year for an APEC summit.

Little is known about SLt. Delisle, 40, other than he most recently resided in Bedford, N.S., a suburb of Halifax, with a woman and three children.

His myspace.com page lists him as single as of 2008 and filings show a man with the same name and date of birth as the espionage suspect declared bankruptcy in Nova Scotia in February 1998 – less than two years after Jeffrey Delisle joined the Canadian Forces reserves.

It was barely a month before his 27th birthday, according to the record of the proceeding, and he owed $18,587 while declaring assets of $1,000.

He received a discharge from bankruptcy in November of 1998, filings show. The address given during the proceeding is currently assigned to a lower-level apartment at the back of a small house in Beaver Bank, a different suburb of Halifax.

Michael Hennessy, a professor of history and war studies at Royal Military College in Kingston, said the case is really unmatched in Canadian history – if the charges are proven. “For an officer and intelligence officer in particular to be involved in such behaviour is a massive betrayal of trust. It really is unprecedented.”

SLt. Delisle originally joined the Forces as a reservist in 1996 and later became an officer in 2008 after completing a bachelor of arts at Royal Military College.


Industrial Espionage Gang Sends Malicious Emails in Security Vendor’s Name

A cybercrime gang that primarily targets companies from the chemical industry has launched a new series of attacks that involve malware-laden emails purporting to be from Symantec, the security vendor responsible for exposing its operation earlier this year.

Dubbed the Nitro attacks, the gang’s original industrial espionage efforts began sometime in July and lasted until September. The attackers’ modus operandi involved sending emails that carried a variant of the Poison Ivy backdoor and were specifically crafted for each targeted company.

Despite being publicly exposed by Symantec in an October report, the gang didn’t give up on its plans and, in fact, stuck to many of its techniques.

“The same group is still active, still targeting chemical companies, and still using the same social engineering modus operandi,” security researchers from Symantec said in a blog post on Monday.

“That is, they are sending targets a password-protected archive, through email, which contains a malicious executable,” they added.

The interesting aspect about the gang’s new attacks is that they are using Symantec’s own report in order to trick victims. One email intercepted by the security company was crafted to appear as if it were sent by its technical support department and warns recipients that many enterprise computers were infected with Poison Ivy.

The rogue messages claim that a special removal tool was released by Symantec in order to help its customers scan their systems. Attached to the email is a 7-Zip archive called the_nitro_attackspdf.7z containing a malicious executable file and a copy of Symantec’s original report about Nitro.

“The attackers, in an attempt to lend some validity to their email, are sending a document to targets that describes their very own activity,” Symantec said. The executable file is a new variant of Poison Ivy that connects to a command-and-control (C&C) server hosted by the same provider used in the previous attacks.

The fake Symantec alert is not the only lure this gang is using. Other malicious emails that are part of the same campaign claim to originate from Adobe Systems and contain a fake upgrade for Adobe Reader.

Symantec managed to take down the domain name used by the new C&C server and alerted the hosting provider. However, given the determination shown by these attackers so far, it’s unlikely that the Nitro attacks will stop.

The group’s primary goal is to steal domain administrator credentials, as well as to gain access to systems that store intellectual property. After identifying the “desired” IP, the attackers copy it to archives on internal systems used as staging servers, with the content uploaded from there to a site outside of the compromised organization, according to Symantec’s October report.


At Least Carrier IQ Is Not Giving Your Smartphone Data to the FBI

Carrier IQ, the controversial software company suspected of spying on over 150 million smartphone users, is opening its kimono and admitting to some mistakes. However, it’s also pushing back hard against the most aggressive allegations of privacy violations, including but not limited to a recent speculation that the company has been supplying the Federal Bureau of Investigation with confidential user data. In a 19-page document riddled with bullet-points and book-ended by charts, the company provides its most comprehensive, apparently honest explanation of exactly what Carrier IQ software collects, stores and sends to mobile carriers. In a corresponding Q&A with AllThingsD’s John Paczkowski, two of the company’s top executives trudged through the alleged privacy violations — they blamed the carriers for the worst ones — and sounded hurt by the scrutiny. “Our world has been turned upside down,” Carrier IQ’s chief executive Larry Lenhart said. “We love what we do, and we have a lot of passion for it. And to see it misunderstood like this has been painful.”

Let’s start with the good news.

Carrier IQ is not an F.B.I. operative. Carrier IQ is denying having given data to the F.B.I. after a report from the government transparency site MuckRock about the agency’s potential involvement drummed up a decent amount of anxiety this week. Long story short, the Feds denied a Freedom of Information Act (FOIA) request for information about Carrier IQ. The F.B.I. denied the request with a letter explaining that the “material … requested is located in an investigative file which is exempt from disclosure.” The letter points to a section of the United States Code that exempts the Bureau from disclosing information that might be “used for law enforcement purposes.” This led to the somewhat misleading headline: “FBI: Carrier IQ files used for ‘law enforcement purposes’” Not so, the company says. “We have never provided any data to the FBI. If approached by a law enforcement agency, we would refer them to the network operators because the diagnostic data collected belongs to them and not Carrier IQ,” a company spokesperson told The Atlantic Wire in an email.

Carrier IQ collects data but mobile carriers use it. A number of the specific denials Carrier IQ makes in its explainer were already mounted about a week ago, when the controversy was really infuriating privacy advocates. Coward explained to The Atlantic Wire that his company does gather a lot of data but doesn’t actually log keystrokes, as was alleged in the YouTube video by Trevor Eckhart that blew the lid off the scandal at the end of November. Carrier IQ apparently consulted with Eckhart for the new document and explains in depth what the code that showed up in Eckhart’s video does:

We cannot comment on all handset manufacturer implementations of Android. Our investigation of Trevor Eckhart’s video indicates that location, key presses, SMS and other information appears in log files as a result of debug messages from pre-production handset manufacturer software. Specifically it appears that the handset manufacturer software’s debug capabilities remained “switched on” in devices sold to consumers.

In other words, if you’re being spied on, it’s Carrier IQ’s customers, the mobile carriers, who are doing the spying. If anybody is storing your data and potentially sharing it with law enforcement agencies, it’s them, Carrier IQ says. The report does add, “Carrier IQ is not a keylogger and no customer has asked Carrier IQ to capture key strokes.”

Now for the bad news.

Carrier IQ did accidentally collect a bunch of text messages. Thanks to the scrutiny, Carrier IQ realized that it was collecting some data that included “collection of layer 3 radio messages in which SMS messages may have been embedded.” This contradicts what Coward told us recently. The exact quote: “We would not record or transmit the contents of that SMS.” The report details how a bug caused the collection of text message data and a spokesperson told us that “a fix is in place.” Carrier IQ also claims that the text messages “were not decoded or made available in human readable form to Carrier IQ, its customers or any third party.” While we appreciate the transparency, privacy champions will find it a little unsettling to hear Carrier IQ admit to collecting private data — even if it was happening accidentally.

This certainly isn’t the last we’ll hear from Carrier IQ. The company’s executives are set to meet with Senator Al Franken this week, to review the document (embedded in full below) and answer more questions. Meanwhile, Congressman Edward Markey has called for a Federal Trade Commission (FTC) probe into the matter, and an investigation is already getting started in Europe over the company’s data collection practice. Again, it does sound like Carrier IQ’s executives are pretty sorry for all of the confusion and controversy. Still no word from the mobile carriers, but it looks like they’ll have their day in court, too.

 


China’s cyber heist

 

Chinese espionage, especially cyber espionage, has reached extraordinary levels. “They’re stealing everything that isn’t bolted down and it’s getting exponentially worse,” says Mike Rogers, chairman of the US permanent select committee on intelligence, in a report just released by Bloomberg.

Richard Clarke, former cyber security adviser to the White House, says China has been “hacking its way into every corporation it can find listed in Dun and Bradstreet”. This theft of commercial intellectual property constitutes the greatest illegal transfer of wealth in history, says Scott Borg, director of the US cyber consequences unit.

We should be taking note of this in Australia for all sorts of reasons. Chinese hacking is targeting Australia and the United States, and there are national security as well as economic implications. Moreover, it is not only cyber espionage of which we need to be wary. High-level Soviet moles operated in this country during the Cold War and they have yet to be exposed.

We are even more vulnerable to Chinese espionage now than we were to Soviet espionage then. It’s time this hidden history was made public, if only to put the problem of Chinese (and revitalised Russian) espionage into sober perspective for an Australian public too given to complacency or cynicism in such matters.

Thirty years ago, in The National Times, Brian Toohey wrote about Soviet operations in Australia, based on an extended interview with CIA operations veteran Ted Shackley. His opening paragraph was stunning in its implications: “The Soviet intelligence service, the KGB, has been more successful in its penetration operations in Australia than in any other country, according to hard evidence available to the American Central Intelligence Agency. The long standing CIA assessment is that the KGB has planted a mole in a key position in Canberra – probably high in the Foreign Affairs, Defence or the Prime Minister’s Department.”

The CIA’s hard evidence, Toohey wrote, had been built up over many years from both human and electronic sources. It demonstrated that the KGB had for years “been able to obtain a much higher level of classified information from Canberra than anywhere else”. This was especially significant because much of what was obtained was sensitive intelligence shared with Australia by the United States.

Yet, as of 1981, the CIA had been baffled in trying to establish who exactly the Soviet mole or moles in Canberra were. Between 1993 and 1995, two highly secretive investigations, Operation Liver and the Cook inquiry, were conducted for the Keating government.

The investigators concluded that there had, indeed, been high-level, long-term penetration by Soviet intelligence, but the federal government has kept their findings under lock and key.

It’s high time they were unlocked, because they provide an insight into the danger now presented by China, which is far better placed than the Soviet Union was to plant moles and agents in Australia.

China is a huge trading partner of Australia, which the Soviet Union never was. It is ascendant at a time when the United States is floundering in economic and strategic terms. And, despite its sinister communist past and the ongoing ruthlessness of the communist regime there, it cultivates a “Middle Kingdom” mystique.

Only a few well-placed people need be seduced for very serious damage to be done to our national security.

In his new book Tiger Trap: America’s Secret Spy War with China, David Wise fills in the deeper background behind the Bloomberg report. The book places recent developments in the context of ancient Chinese traditions of espionage going back to Sun Tzu. It shows that Chinese espionage has grown relentlessly in the past few decades, even as many of us came to see China as a reformed totalitarian state with a market economy and a growing stake in global order. It describes the structure of the Chinese intelligence agencies, their modus operandi and their recent strategic successes against the United States.

Wise tells, for example, of Chinese acquisition of the top-secret technology for the W-88 nuclear warhead for the missiles carried by the Trident submarine, stealth technology for fighters, and a great deal more from the high-tech sectors of the American economy and defence sector.

Even more disturbing is that the spies who are supplying this technology to China remain mostly undetected. A four-year investigation, from 1999 to 2003, by a veteran counter-intelligence officer, Stephen Dillard, was unable to pinpoint the source of the W-88 breach.

As with China’s relentless military build-up, there will be those who’ll say, “Well, they’re not doing anything the Americans aren’t doing, so who are we to complain?”

That is to forget where we stand in the world and where our interests lie. We are a key ally of the United States; it is the bastion of our own strategic security; we depend on it for cutting-edge military technology; we house major joint facilities on our soil; we have a new agreement for increased US presence here; and China’s rising power and aspirations are, by regional agreement, the major uncertainty in Asia-Pacific stability for as far ahead as we can currently see.

Dr Paul Monk is a former China analyst with the Defence Intelligence Organisation and author of Thunder From The Silent Zone: Rethinking China.